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1 1 . A computer program stored on a computer readable medium or a propagated signal 

2 for leveraging a persistent connection to provide a client access to a secured service, the 

3 computer program comprising: 

4 an input code segment that causes a computer to receive input from a client; 

5 a persistent connection code segment that causes the computer to establish a 

6 persistent connection with the client in response to a first request received through the input 

7 code segment from the client; and 

8 a broker code segment that causes the computer to broker a connection between the 

9 client and a secured service based on a second request received through the input code 
10 segment from the client by leveraging the persistent connection with the client. 

1 2. The computer program of claim 1 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 

4 the broker code segment comprises a transparent authentication code segment that 

5 causes the computer to leverage the keystone authentication to authenticate the client without 

6 provision by the client of authentication information duplicative or additional to the keystone 

7 authentication information used to establish the persistent connection. 

1 3. The computer program of claim 1 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 

4 the broker code segment comprises a transparent authentication code segment that 

5 causes the computer to leverage the keystone authentication to authenticate the client without 

6 provision by the client of authentication information duplicative of the keystone 

7 authentication information used to establish the persistent connection. 

1 4. The computer program of claim 1 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 
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4 the broker code segment comprises a transparent authentication code segment that 

5 causes the computer to leverage the keystone authentication to authenticate the client without 

6 provision by the client of authentication information additional to the keystone authentication 

7 information used to establish the persistent connection. 

1 5. The computer program of claim 1 wherein the broker code segment causes the 

2 computer to broker the connection between the client and the secured service before the 

3 client attempts to connect to the secured service directly. 

1 6. The computer program of claim 1 wherein the persistent connection code segment 

2 comprises: 

3 a receiving code segment that causes the computer to receive keystone authentication 

4 information from the client; 

5 a keystone authentication code segment that causes the computer to authenticate the 

6 client based on the keystone authentication information and to provide a keystone 

7 authentication associated with the persistent connection; and 

8 a connection code segment that causes the computer to establish the persistent 

9 connection with the client based on the keystone authentication. 

1 7. The computer program of claim 6 wherein the broker code segment includes a 

2 leveraging code segment that causes the computer to receive the second request from the 

3 client for connection to the secured service after the persistent connection to the client is 

4 established. 

1 8. The computer program of claim 7 wherein the leveraging code segment further 

2 comprises: 

3 a leveraged authentication code segment that causes the computer to provide a 

4 leveraged authentication based on the keystone authentication associated with the persistent 

5 connection; and 

6 a leveraged connection code segment that causes the computer to use the leveraged 

7 authentication to establish the connection with the secured service. 
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1 9. The computer program of claim 8 wherein the leveraged authentication code 

2 segment comprises a transparent authentication code segment that causes the computer to 

3 provide the leveraged authentication based on the keystone authentication without provision 

4 by the client of authentication information duplicative or additional to the keystone 

5 authentication information used to establish the persistent connection. 

1 10. The computer program of claim 1 wherein: 

2 the persistent connection code segment includes a first partition code segment that 

3 causes the computer to establish the persistent connection between the client and a persistent 

4 connection service in response to the first request from the client; and 

5 the broker code segment includes a second partition code segment that causes the 

6 computer to use a broker service to broker the connection between the client and the secured 
|B 7 service based on the second request from the client. 

*p 1 11. The computer program of claim 10 wherein the second partition code segment 

i2 2 comprises a reception code segment that causes the computer to receive from the persistent 

• y 3 connection service at a connection request address a communication based on the second 

O 4 request from the client. 

§1 12. The computer program of claim 1 wherein the broker code segment comprises: 

ju 2 a liaison code segment that causes the computer program to communicate as an 

3 intermediary with the client and the secured service based on the second request from the 

4 client so that the client may obtain authorization information that may be used to establish 

5 the connection to the secured service; 

6 a determining code segment that causes the computer to determine the authorization 

7 information based on the second request from the client; 

8 a communication code segment that causes the computer to communicate to the 

9 secured service an indication that the client desires to connect to the secured service, wherein 
1 o the indication comprises the authorization information; 
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1 1 a receiving code segment that causes the computer to receive a response from the 

12 secured service indicating that the client may be allowed to establish the connection to the 

13 secured service by presenting the authorization information to the secured service; and 

1 4 an authorization code segment that causes the computer to communicate the 

15 authorization information to enable the client to present the authorization information to the 

16 secured service to establish the connection with the secured service. 

1 13. The computer program of claim 1 wherein the broker code segment further 

2 comprises: 

3 a liaison code segment that causes the computer program to communicate as an 

4 intermediary with the client and the secured service based on the second request from the 

5 client so that the client may obtain authorization information that may be used to establish 
ifi 6 the connection to the secured service; 

■*f 7 a communication code segment that causes the computer to communicate to the 

Hi 

,p 8 secured service an indication that the client desires to connect to the secured service; 

{2 9 a receiving code segment that causes the computer to receive a response from the 

■ y Ho secured service indicating that the secured service may accept a connection from the client, 

1 31 1 wherein the response includes the authorization information; 

J~ J12 an authorization code segment that causes the computer to communicate the 

*0l 3 authorization information to enable the client to present the authorization information to the 

|Ii4 secured service to establish the connection with the secured service. 

1 14. The computer program of claim 1 3 wherein the response received by the 

2 computer from the secured service includes authorization information determined by the 

3 secured service. 

1 15. The computer program of claim 1 wherein: 

2 the broker code segment includes a liaison code segment that causes the computer 

3 program to communicate as an intermediary with the client and the secured service based on 

4 the second request from the client so that the client may obtain authorization information that 

5 may be used to establish the connection to the secured service; 
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6 the authorization information comprises constraint information; and 

7 the authorization information may be ineffective to establish a connection with the 

8 secured service if the connection constraints are not satisfied by the constraint information. 

1 16. The computer program of claim 15 wherein the connection constraints include a 

2 constraint that limits a number of uses for the authorization information to a predetermined 

3 threshold number. 

1 17. The computer program of claim 1 6 wherein the connection constraints include a 

2 one-time-use password. 

1 18. The computer program of claim 15 wherein the connection constraints include a 

2 constraint that the authorization information be used within a predetermined time window. 

1 19. The computer program of claim 15 wherein the connection constraints include a 

2 constraint that the authorization information be presented to the secured service by a client 

3 for whom the connection was brokered. 

1 20. A method of leveraging a persistent connection to provide a client access to a 

2 secured service, the method comprising: 

3 receiving a first request from a client; 

4 establishing a persistent connection with the client in response to the first request 

5 from the client; 

6 receiving a second request from the client; and 

7 brokering a connection between the client and a secured service based on the second 

8 request from the client by leveraging the persistent connection with the client. 

1 21 . The method of claim 20 wherein: 

2 establishing the persistent connection with the client includes authenticating the client 

3 based on keystone authentication information provided by the client; and 
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4 brokering the connection between the client and the secured service includes 

5 leveraging the keystone authentication information to authenticate the client without 

6 provision by the client of authentication information duplicative or additional to the keystone 

7 information used to establish the persistent connection. 

1 22. The method of claim 20 wherein : 

2 establishing the persistent connection with the client includes authenticating the client 

3 based on keystone authentication information provided by the client; and 

4 brokering the connection between the client and the secured service includes 

5 leveraging the keystone authentication information to authenticate the client without 

6 provision by the client of authentication information duplicative of the keystone information 

7 used to establish the persistent connection. 

^ 1 23. The method of claim 20 wherein : 

S E 2 establishing the persistent connection with the client includes authenticating the client 

^: 3 based on keystone authentication information provided by the client; and 

^0 4 brokering the connection between the client and the secured service includes 

n 5 leveraging the keystone authentication information to authenticate the client without 

It I 6 provision by the client of authentication information additional to the keystone information 

?0 7 used to establish the persistent connection. 

1 24. The method of claim 20 wherein the connection between the client and the 

2 secured service is brokered before the client attempts to connect to the secured service 

3 directly. 

1 25. The method of claim 20 wherein establishing the persistent connection comprises: 

2 receiving keystone authentication information from the client; 

3 authenticating the client based on the keystone authentication information to provide 

4 a keystone authentication associated with the persistent connection; and 

5 establishing the persistent connection with the client based on the keystone 

6 authentication. 
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1 26. The method of claim 25 wherein leveraging the persistent connection includes 

2 receiving the second request from the client for connection to the secured service after the 

3 persistent connection to the client is established. 

1 27. The method of claim 26 wherein leveraging the persistent connection with the 

2 client includes: 

3 providing a leveraged authentication based on the keystone authentication associated 

4 with the persistent connection; and 

5 using the leveraged authentication to establish the connection with the secured 

6 service. 

1 28. The method of claim 27 wherein the keystone authentication is used to provide 

2 the leveraged authentication without provision by the client of authentication information 
^ 3 duplicative or additional to the keystone authentication information used to establish the 
:p 4 persistent connection. 

^ 1 29. The method of claim 20 wherein; 

p 2 the persistent connection is established between the client and a persistent connection 

l^l 3 service; and 

*P 4 the connection between the client and the secured service is brokered by a broker 

5 service. 

1 30. The method of claim 29 wherein brokering the connection between the client and 

2 the secured service includes receiving from the persistent connection service at a connection 

3 request address a communication based on the second request from the client and wherein the 

4 connection request address varies systematically with time. 

1 31. The method of claim 20 wherein brokering comprises: 

2 receiving the second request from the client to connect to the secured service; 

3 determining authorization information based on the second request from the client; 
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4 communicating to the secured service an indication that the client desires to connect 

5 to the secured service, wherein the indication comprises the authorization information; 

6 receiving a response from the secured service indicating that the client may be 

7 allowed to establish the connection to the secured service by presenting the authorization 

8 information to the secured service; and 

9 communicating the authorization information to enable the client to present the 

10 authorization information to the secured service to establish the connection with the secured 

1 1 service. 

1 32. The method of claim 20 wherein brokering comprises: 

2 receiving the second request from the client to connect to the secured service; 

3 communicating to the secured service an indication that the client desires to connect 
-!! 4 to the secured service; 

f B 5 receiving a response from the secured service indicating that the secured service may 

J: 6 accept a connection from the client, wherein the response includes authorization information; 

7 and 

^0 8 communicating the authorization information to enable the client to present the 

*g=% 9 authorization information to the secured service to establish the connection with the secured 

^10 service. 



r: 1 33. The method of claim 32 wherein the authorization information is determined by 

2 the secured service. 

1 34. The method of claim 20 wherein: 

2 brokering comprises communicating as an intermediary with the client and the 

3 secured service based on the second request from the client so that the client may obtain 

4 authorization information that may be used to establish the connection to the secured service; 

5 the authorization information comprises constraint information; and 

6 the authorization information may be ineffective to establish a connection with the 

7 secured service if the connection constraints are not satisfied by the constraint information. 
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1 35. The method of claim 34 wherein the connection constraints include a constraint 

2 that limits a number of uses for the authorization information to a predetermined threshold 

3 number. 

1 36. The method of claim 34 wherein the connection constraints include a constraint 

2 that the number of times that the authorization information has been used not exceed a 

3 predetermined number of times. 

1 37. The method of claim 34 wherein the connection constraints include a one-time- 

2 use password. 

1 38. The method of claim 34 wherein the connection constraints include a constraint 

2 that the authorization information be used within a predetermined time window. 

1 39. The method of claim 34 wherein the connection constraints include a constraint 

2 that the authorization information be presented to the secured service by a client for whom 

3 the connection was brokered. 

1 40. A system for leveraging a persistent connection to provide a client access to a 

2 secured service, the system comprising: 

3 input means for receiving input from a client; 

4 persistent connection means for establishing a persistent connection with a client in 

5 response to a first request received through the input means from the client; 

6 broker means for brokering a connection between the client and a secured service 

7 based on a second request received through the input means from the client by leveraging the 

8 persistent connection with the client. 

1 41 . The system of claim 40 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 
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4 the broker means comprises transparent authentication means for leveraging the 

5 keystone authentication to authenticate the client without provision by the client of 

6 authentication information duplicative or additional to the keystone authentication 

7 information used to establish the persistent connection. 

1 42. The system of claim 40 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 

4 the broker means comprises transparent authentication means for leveraging the 

5 keystone authentication to authenticate the client without provision by the client of 

6 authentication information duplicative of the keystone authentication information used to 

7 establish the persistent connection. 

1 43. The system of claim 40 wherein: 

2 the persistent connection is established based on keystone authentication information 

3 provided by the client; and 

4 the broker means comprises transparent authentication means for leveraging the 

5 keystone authentication to authenticate the client without provision by the client of 

6 authentication information additional to the keystone authentication information used to 

7 establish the persistent connection. 

1 44. The system of claim 40 wherein the broker means brokers the connection between 

2 the client and the secured service before the client attempts to connect to the secured service 

3 directly. 

1 45. The system of claim 40 wherein the persistent connection means comprises: 

2 receiving means for receiving keystone authentication information from the client; 

3 keystone authentication means for authenticating the client based on the keystone 

4 authentication information to provide a keystone authentication associated with the persistent 

5 connection; and 
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6 connection means for establishing the persistent connection with the client based on 

7 the keystone authentication. 

1 46. The system of claim 45 wherein the broker means includes leveraging means for 

2 receiving the second request from the client for connection to the secured service after the 

3 persistent connection to the client is established. 

1 47. The system of claim 46 wherein the leveraging means further comprises: 

2 leveraged authentication means for providing a leveraged authentication based on the 

3 keystone authentication associated with the persistent connection; and 

4 leveraged connection means for causing the leveraged authentication to be used to 

5 establish the connection with the secured service. 

1 48. The system of claim 47 wherein the leveraged authentication means comprises 

2 transparent authentication means for causing the leveraged authentication to be provided 

3 based on the keystone authentication without provision by the client of authentication 

4 information duplicative or additional to the keystone authentication information used to 

5 establish the persistent connection. 

1 49. The system of claim 40 wherein: 

2 the persistent connection means includes first partition means for establishing the 

3 persistent connection between the client and a persistent connection service in response to the 

4 first request from the client; and 

5 the broker means includes second partition means for causing a broker service to be 

6 used to broker the connection between the client and the secured service based on the second 

7 request from the client. 

1 50. The system of claim 49 wherein the second partition means comprises reception 

2 means for receiving from the persistent connection service at a connection request address a 

3 communication based on the second request from the client. 
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1 51. The system of claim 40 wherein the broker means further comprises: 

2 liaison means for communicating as an intermediary with the client and the secured 

3 service based on the second request from the client so that the client may obtain authorization 

4 information that may be used to establish the connection to the secured service; 

5 determining means for determining the authorization information based on the second 

6 request from the client; 

7 communication means for communicating to the secured service an indication that the 

8 client desires to connect to the secured service, wherein the indication comprises the 

9 authorization information; 

10 receiving means for receiving a response from the secured service indicating that the 

1 1 client may be allowed to establish the connection to the secured service by presenting the 

12 authorization information to the secured service; and 

%13 authorization means for communicating the authorization information to the client to 

^Sl4 enable the client to present the authorization information to the secured service to establish 

,pl5 the connection with the secured service. 

! D 1 52. The system of claim 40 wherein the broker means further comprises: 

H 2 liaison means for communicating as an intermediary with the client and the secured 

It : 3 service based on the second request from the client so that the client may obtain authorization 

=0 4 information that may be used to establish the connection to the secured service; 

jT 5 communication means for communicating to the secured service an indication that the 

6 client desires to connect to the secured service; 

7 receiving means for receiving a response from the secured service indicating that the 

8 secured service may accept a connection from the client, wherein the response includes the 

9 authorization information; 

10 authorization means for communicating the authorization information to the client to 

1 1 enable the client to present the authorization information to the secured service to establish 

12 the connection with the secured service. 

1 53. The system of claim 52 wherein the response received by the receiving means 

2 includes authorization information determined by the secured service. 
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1 54. The system of claim 40 wherein: 

2 the broker means includes liaison means for communicating as an intermediary with 

3 the client and the secured service based on the second request from the client so that the 

4 client may obtain authorization information that may be used to establish the connection to 

5 the secured service; 

6 the authorization information comprises constraint information; and 

7 the authorization information may be ineffective to establish a connection with the 

8 secured service if the connection constraints are not satisfied by the constraint information. 
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